Infocon: Yellow

Due to a number of very well working Windows exploits for this weeks patch
set, and the zero-day Veritas exploit, we decided to turn the infocon to yellow.

Advice: Use the weekend to patch ALL WINDOWS SYSTEMS. It may be worthwhile to
consider accelerated deployment of the patches even to critical systems if the
weekend is slow anyway. Backup Exec should be firewalled or disabled at this point.

Note: Consider unprotected internet facing machines infected at this point if they do not have this weeks patches applied. Patch and handle them with extra care.

Windows and Backup Exec exploits are out

In case you're waiting to see whether it's worth updating either
Windows or Veritas' Backup Exec, now's the time to do so. Live exploits
are out for both.

Specifically, MS05-039 appears to have 3 live exploits out for
it already, and Backup Exec has at least one exploit out.

We've said it already, but it's worth repeating - get those
patches in soon...

Which exploits are really out?

We've gotten a number of questions from readers about the
exploits we've mentioned over the past few days in the diary. Some of
them are publicly known and easily Google-able. Others are ones that
we've found out about from trusted sources that have asked us to not
share the exploit itself.

Because our goal is to provide timely alerts to the security
community, we generally don't provide the exploit code itself. If it
truly is publicly visible, you'll find it in a few minutes without our
help. And if the exploit is still generally private, we don't want to
be the conduit that accelerates attacks - people with lots of hat colors
read this diary. *smile*